After you initialize KDC in VMware Identity Manager, you must create public DNS records to allow the Kerberos clients to find the KDC when the built-in Kerberos authentication feature is enabled.
The KDC realm name is used as part of the DNS name for the VMware Identity Manager appliance entries that are used to discover the KDC service. Two DNS records are required for each VMware Identity Manager site and two address entries.
::ffff:175c:e147on the DNS server. You can use an IPv4 to IPv6 conversion tool, such as one available from Neustar.UltraTools, to convert IPv4 to IPv6 address notation.
DNS Record Entries for KDC
In this example DNS record, the realm is
EXAMPLE.COM; the VMware Identity Manager fully qualified domain name is
idm.example.com, and the VMware Identity Manager IP address
kdc.example.com. 1800 IN A 18.104.22.168
kdc.example.com. 1800 IN AAAA ::ffff:22.214.171.124
_kerberos._tcp.idm.EXAMPLE.COM IN SRV 10 0 88 kdc.example.com.
_kerberos._udp.idm.EXAMPLE.COM IN SRV 10 0 88 kdc.example.com.